Method and system for initiating a virtual private network over a shared network on behalf of a wireless terminal

US 7,388,844 B1
Filed: 08/28/2002
Issued: 06/17/2008
Est. Priority Date: 08/28/2002
Status: Active Grant

First Claim

Patent Images

1. A system comprising:

A shared network;

a radio access network, the radio access network including a base transceiver station (BTS) for communicating with a wireless terminal over an air interface and a packet data serving node (PDSN) for routing packets between the wireless terminal and the shared network;

an enterprise network;

a resource on the enterprise network, wherein the wireless terminal and the resource are able to engage in packet communication over a communication pathway, the communication pathway extending through the radio access network, the shared network, and the enterprise network;

a VPN server in the communication pathway;

a VPN terminator in the communication pathway, wherein the VPN server and the VPN terminator are able to establish a VPN connection between them through the shared network, the VPN connection providing part of the communication pathway; and

a network services platform in the communication pathway between the PDSN and the VPN server, wherein the network services platform is able to manipulate data carried in packets exchanged between the wireless terminal and the resource to provide at least one communication service, wherein the at least one communication service comprises a transcoding service in which the network services platform transcodes data transmitted by the wireless terminal into a format compatible with a capability of the resource indicated by the wireless terminal.

View all claims

6 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A VPN server on a radio access network may initiate a virtual private network (VPN) over a shared network, e.g., Internet, on behalf of a wireless terminal. The VPN may span the shared network, but not span the radio access network. As a result, the radio access network may be able to analyze and manipulate data sent by the wireless terminal. Additionally, the VPN may securely transport the data through the shared network.

153 Citations

20 Claims

1. A system comprising:
- A shared network;
  
  a radio access network, the radio access network including a base transceiver station (BTS) for communicating with a wireless terminal over an air interface and a packet data serving node (PDSN) for routing packets between the wireless terminal and the shared network;
  
  an enterprise network;
  
  a resource on the enterprise network, wherein the wireless terminal and the resource are able to engage in packet communication over a communication pathway, the communication pathway extending through the radio access network, the shared network, and the enterprise network;
  
  a VPN server in the communication pathway;
  
  a VPN terminator in the communication pathway, wherein the VPN server and the VPN terminator are able to establish a VPN connection between them through the shared network, the VPN connection providing part of the communication pathway; and
  
  a network services platform in the communication pathway between the PDSN and the VPN server, wherein the network services platform is able to manipulate data carried in packets exchanged between the wireless terminal and the resource to provide at least one communication service, wherein the at least one communication service comprises a transcoding service in which the network services platform transcodes data transmitted by the wireless terminal into a format compatible with a capability of the resource indicated by the wireless terminal.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The system of claim 1, wherein the wireless terminal identifies a resource type and the network services platform determines the capability of the resource from the resource type.
  - 3. The system of claim 1, wherein the at lest one communication service comprises a decompression service in which the wireless terminal transmits compressed data to communicate with the resource and the network services platform decompresses the compressed data.
  - 4. The system of claim 1, wherein the at least one communication service comprises an image conversion service in which the network services platform converts an image from a first resolution to a second resolution.
  - 5. The system of claim 1, wherein the at least one communication service comprises a web content conversion service in which the network services platform converts web content from one markup language to another markup language.
  - 6. The system of claim 1, wherein the network services platform is able to respond to a request sent by the wireless terminal.
  - 7. The system of claim 6, wherein the request is a synchronization request, and wherein the network services platform responds to the synchronization request by synchronizing data stored on the wireless terminal with data stored on the resource.
  - 8. The system of claim 6, wherein the request is a location determination request, and wherein the network services platform responds to the location determination request by determining a location of the wireless terminal.

9. A method comprising:
- establishing a VPN connection through a shared network between a VPN server and a VPN terminator for packet communication between a wireless terminal and a resource on an enterprise network;
  
  the wireless terminal transmitting a packet to a radio access network over an air interface;
  
  a packet entity in the radio access network routing the packet to a network services platform;
  
  the network services platform manipulating data in the packet to provide at least one communication service, wherein the at least one communication service comprises a transcoding service in which the network services platform transcodes the data in the packet into a format that is compatible with a capability of the resource as indicated by the wireless terminal;
  
  after manipulating the data in the packet, the network services platform sending the packet to the VPN server;
  
  the VPN server tunneling the packet through the VPN connection to the VPN terminator; and
  
  the VPN terminator receiving the packet and routing the packet to the resource over the enterprise network.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20)
- - 10. The method of claim 9, further comprising:
    - the wireless terminal identifying a resource type; and
      
      the network services platform determining the capability of the resource from the resource type.
  - 11. The method of claim 9, wherein the packet includes an enterprise address that indicates the wireless terminal is authorized to communicate over the enterprise network.
  - 12. The method of claim 11, wherein the enterprise address is an Internet Protocol (IP) address.
  - 13. The method of claim 12, wherein the enterprise address is a source address of the packet.
  - 14. The method of claim 13, further comprising:
    - determining from the enterprise address in the packet that the wireless terminal is authorized to communicate over the enterprise network.
  - 15. The method of claim 14, wherein determining from the enterprise address in the packet that the wireless terminal is authorized to communicate over the enterprise network comprises:
    - the VPN terminator determining that the source address of the packet matches an IP address in a pool of IP addresses.
  - 16. The method of claim 11, further comprising:
    - inserting a VLAN ID into the packet, wherein the VLAN ID identifies the VPN connection; and
      
      the VPN server determining the VPN connection identified by the VLAN ID.
  - 17. The method of claim 16, wherein the packet entity inserts the VLAN ID into the packet, further comprising:
    - the packet entity using the enterprise address to determine the VLAN ID.
  - 18. The method of claim 16, wherein the packet entity inserts the VLAN ID into the packet, further comprising:
    - the network services platform using the enterprise address to determine the VLAN ID.
  - 19. The method of claim 9, wherein the at least one communication service comprises a decompression service in which the network services platform decompresses the data in the packet.
  - 20. The method of claim 9, wherein the packet entity is an interworking function (IWF).

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sprint Spectrum LP (Deutsche Telekom AG)
Original Assignee
Sprint Spectrum LP (Deutsche Telekom AG)
Inventors
Taylor, Paul, Brown, David, Chaturvedi, Pawan, Packingham, Kevin
Primary Examiner(s)
Orgad; Edan
Assistant Examiner(s)
HALIYUR, VENKATESH N

Application Number

US10/229,703
Time in Patent Office

2,120 Days
Field of Search

370/310.2, 370328-338, 370/342, 370/343, 370/346, 370/349, 370/252, 370/352, 370/390, 370/401, 709/206, 709/227, 709/2, 455/461
US Class Current

370/252
CPC Class Codes

H04L 12/4641   Virtual LANs, VLANs, e.g. v...

H04L 63/0272   Virtual private networks

H04L 63/0892   by using authentication-aut...

H04L 67/04   specially adapted for termi...

H04L 67/56   Provisioning of proxy servi...

H04L 67/565   Conversion or adaptation of...

H04W 12/03   Protecting confidentiality,...

H04W 76/12   Setup of transport tunnels

H04W 84/10   Small scale networks; Flat ...

H04W 88/181   Transcoding devices; Rate a...

Method and system for initiating a virtual private network over a shared network on behalf of a wireless terminal

First Claim

6 Assignments

0 Petitions

Accused Products

Abstract

153 Citations

20 Claims

Specification

Use Cases

Quick Links

Others

Method and system for initiating a virtual private network over a shared network on behalf of a wireless terminal

First Claim

6 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

153 Citations

20 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others